FOI 6398

Credit/Debit Card Transactions

Request

1. How many times has your organisation been fined for losing confidential customer data during the past three years (from June 1, 2010 to present day)?2. How many of these instances involved the loss or theft of credit card or debit card details? 3. How much were these fines for in total - feel free to list them separately if you prefer?4. Approximately, how many credit card or debit card transactions did your organisation process over the phone over the past 12 months (from June 1, 2012 to present day)?5. What was the approximate total value of these transactions?6. As a percentage, what proportion of these phone transactions are handled internally by your staff, and what proportion is handled by a third-party call centre organisation.7. Assuming a record of these phone transactions are kept for training purposes, for how many years do you typically keep them?8. Do you store recordings of these phone transactions on your own IT/storage systems, or do you pass them to a third-party supplier to manage?9. In either case, are these recordings stored in a Level 1 PCI-DSS compliant data centre?

Response

1. The Council has not been fined for losing confidential customer data during the past three years.2. None.3. Zero.4. Total number of transactions 14,3565. Total value of transactions £2,534,000.006. Payments made on automated telephone line 71%, payments made over the phone with a member of staff 29%7. We do not record any of the telephone transactions8. n/a9. n/a